CN112507373A - Remote access method for industrial field data in industrial internet - Google Patents

Publication number
CN112507373A
Authority
CN
China
Prior art keywords
data
industrial field
field data
client
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011205017.2A
Other languages
Chinese (zh)
Other versions
CN112507373B (en)
Inventor
王斌
张天石
王健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Speedycloud Technology Co ltd
Original Assignee
Beijing Speedycloud Technology Co ltd
Application filed by Beijing Speedycloud Technology Co ltd
Priority to CN202011205017.2A
Publication of CN112507373A
Application granted
Publication of CN112507373B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a remote access method for industrial field data in an industrial internet, belongs to the technical field of data security, and is used for solving the problems of low security of the existing remote data transmission encryption and the like. The method comprises the following steps: the client initiates an access request for accessing the data of the data server to the intermediate server; the intermediate server establishes a communication connection relation with the client and the data server and forwards the access request to the data server; responding to the access request, the data server performs first transformation on the industrial field data requested to be accessed according to the first deep neural network to obtain encrypted industrial field data, and the encrypted industrial field data is transmitted back to the client through the intermediate server; the client side carries out second transformation on the encrypted industrial field data according to a second deep neural network to obtain decrypted industrial field data; wherein the first transformation process and the second transformation process are reciprocal. The invention has higher encryption complexity and higher security.

Description

Remote access method for industrial field data in industrial internet
Technical Field
The invention relates to the technical field of data security, in particular to a remote access method for industrial field data in an industrial internet.
Background
The essence and core of the industrial internet is that the equipment, production lines, factories, suppliers, products and customers are tightly connected and converged through an industrial internet platform. With the development of industrial internet, the remote access to industrial field data can access the currently networked field device data through a remote client, so that the labor and the time cost of running on the spot are saved, and the unified return management of the field data is facilitated.
Remote Database Access (RDA) is a key technology for interconnecting and interoperating databases in a network environment. Now that network technology is mature and databases follow a client/server architecture, RDA has become an important part of building any information system. Common RDA services can be divided into five classes: a session management service, a transaction management service, a control service, a resource processing service, and a database language service. The first two types of services are primarily related to database management, and the last three types of services are primarily related to database access. Dialog management services provide a facility for managing RDA dialogs; transaction management services support the management of transactions; control services are used to determine the status of, and to cancel, RDA operations that have not yet been completed; resource handling services are used to manage database resources; database language (DBL) services involve defining and undoing DBL operations, invoking earlier defined operations, performing DBL operations, and so on.
In existing remote database access methods, data must be encrypted in transit in both directions when a client remotely accesses data on a server. The traditional encryption mode, however, applies a linear transformation, or a nonlinear transformation with an explicit expression, to the original data; its security is not high enough and it is easy to attack and break. If the security of the encryption algorithm is improved, the encryption and decryption costs become too high, so the method is not suitable for massive interaction of short-time data.
Disclosure of Invention
The invention provides a remote access method for industrial field data in an industrial internet, which is used for solving the problems that the encryption security of data transmission in existing remote database access is not high, or that the encryption and decryption costs of a high-security encrypted transmission mode are relatively high. The method adopts a new encryption mode, a nonlinear transformation without an explicit expression, which has higher complexity and higher security than the prior art for a computation amount of the same magnitude.
The invention provides a remote access method for industrial field data in an industrial internet, which comprises the following steps:
the client initiates an access request for accessing the data of the data server to the intermediate server;
the intermediate server establishes a communication connection relation with the client and the data server and forwards the access request to the data server;
responding to the access request, the data server performs first transformation on the industrial field data requested to be accessed according to a first deep neural network to obtain encrypted industrial field data, and the encrypted industrial field data is sent to the intermediate server;
the intermediate server transmits the encrypted industrial field data back to the client;
the client side carries out second transformation on the encrypted industrial field data according to a second deep neural network to obtain decrypted industrial field data; wherein the first transformation process and the second transformation process are reciprocal.
In an optional embodiment, the data server performs a first transformation on the industrial field data requested to be accessed according to a first deep neural network, obtains encrypted industrial field data, and sends the encrypted industrial field data to the intermediate server, including:
dividing the industrial field data X requested to be accessed into two groups to obtain a first group of industrial field data $X_1$ and a second set of industrial field data $X_2$;
performing a first transformation on the first group of industrial field data $X_1$ and the second set of industrial field data $X_2$ using the following formula:
Figure BDA0002756718820000031
sending the output data obtained by the first transformation of the first group of industrial field data $X_1$ and the second set of industrial field data $X_2$,
Figure BDA0002756718820000032
and
Figure BDA0002756718820000033
to the intermediate server as the encrypted industrial field data;
wherein
Figure BDA0002756718820000034
is an intermediate output of the first deep neural network model;
$X = (a_{1,1}, \dots, a_{1,n}, a_{2,1}, \dots, a_{2,n}, \dots, a_{m,1}, \dots, a_{m,n})^T \in \mathbb{R}^{mn}$, where $(a_{j,1}, \dots, a_{j,n})$ is the j-th piece of data in the industrial field data requested to be accessed, $j = 1, \dots, m$; n is the number of parameters in each piece of industrial field data, and m is the total number of data in the industrial field data requested to be accessed;
$X_1 = (a_{1,1}, \dots, a_{1,n}, \dots, a_{i,1}, \dots, a_{i,n})^T \in \mathbb{R}^{in}$
$X_2 = (a_{i+1,1}, \dots, a_{i+1,n}, \dots, a_{m,1}, \dots, a_{m,n})^T \in \mathbb{R}^{(m-i)n}$
wherein the function $m^{(1)}()$ is given by $m^{(1)}(x) = W_2 \cdot \sigma(W_1 x + b_1) + b_2$, and the function $m^{(2)}()$ is given by $m^{(2)}(x) = W_4 \cdot \sigma(W_3 x + b_3) + b_4$.
The expression of the function $\sigma()$ is:
Figure BDA0002756718820000035
$W_1, W_2, W_3, W_4, b_1, b_2, b_3, b_4$ are preset matrices and are intermediate parameters of the model;
wherein $W_1 \in \mathbb{R}^{in \times in}$ means that $W_1$ is an $in \times in$ real matrix, $W_2 \in \mathbb{R}^{(m-i)n \times in}$ means that $W_2$ is an $(m-i)n \times in$ real matrix, $W_3 \in \mathbb{R}^{(m-i)n \times (m-i)n}$ means that $W_3$ is an $(m-i)n \times (m-i)n$ real matrix, and $W_4 \in \mathbb{R}^{(m-i)n \times in}$ means that $W_4$ is an $(m-i)n \times in$ real matrix;
$b_1, b_4 \in \mathbb{R}^{in}$ means that $b_1, b_4$ are $in$-dimensional real vectors; $b_2, b_3 \in \mathbb{R}^{(m-i)n}$ means that $b_2, b_3$ are $(m-i)n$-dimensional real vectors.
In an optional embodiment, the second transforming, by the client, the encrypted industrial field data according to a second deep neural network to obtain decrypted industrial field data includes:
the client uses the following formula to perform a second transformation on the received encrypted industrial field data
Figure BDA0002756718820000036
and
Figure BDA0002756718820000037
:
Figure BDA0002756718820000041
wherein
Figure BDA0002756718820000042
is an intermediate output of the second deep neural network model;
the results $Y_1$ and $Y_2$ output after the second transformation are merged to obtain the decrypted industrial field data.
In an alternative embodiment, $i = [m/2]$, where $[m/2]$ represents the largest integer not exceeding m/2.
In an optional embodiment, the method for remotely accessing industrial field data in the industrial internet further includes:
acquiring a certain amount of industrial field data as sample data in advance;
training on the sample data with the first deep neural network to obtain the values of $W_1, W_2, W_3, W_4$ and $b_1, b_2, b_3, b_4$.
In an alternative embodiment, $W_1, W_2, W_3, W_4, b_1, b_2, b_3, b_4$ obey a standard Gaussian distribution.
In an alternative embodiment, the industrial field data includes at least sensory data and operational data.
In an optional embodiment, the establishing, by the intermediate server, a communication connection relationship with the client and the data server, and forwarding the access request to the data server includes:
when the intermediate server receives an access request sent by the client, verifying the access authority of a login user corresponding to the access request;
if the access authority of the login user corresponding to the access request passes the verification, the intermediate server responds to the access request and respectively establishes communication connection relations with the client and the data server;
the intermediate server forwards the access request to the data server.
In an alternative embodiment, the access rights of the logged-in user include, but are not limited to: compliance of the user account and access rights of the user account to different data.
In an optional embodiment, the establishing, by the intermediate server, a communication connection relationship with the client and the data server, and forwarding the access request to the data server includes:
step A1, the intermediate server calculates the signal-to-interference-plus-noise ratio (SINR) value of the client according to its own transmitting frequency; the SINR value is the ratio of signal to interference signal plus noise:
Figure BDA0002756718820000051
wherein $\sigma_{i1}$ is the SINR value of the i1-th client; $P_{m1}$ is the transmitting frequency of the intermediate server; $g_{i1}$ is the path gain when the intermediate server transmits a signal to the i1-th client; $\omega_{i1}$ is the path gain coefficient corresponding to the signal transmitted by the intermediate server to the i1-th client, with a value in [0.5, 0.8]; N is the total number of clients sending access requests to the intermediate server; $g_{j1}$ is the path gain when the intermediate server transmits a signal to the j1-th client; $\omega$ is an error factor in the calculation process, with a value in [0.05, 0.1%]; $p_m$ is the average transmit frequency of the intermediate server;
step A2, obtaining the user data of the client according to the SINR value of the client:
Figure BDA0002756718820000052
wherein $L_{i1}$ is the user data of the i1-th client; log is the logarithm; det is a preset parameter with a value range of [2,10]; $Q_S$ is the current bandwidth of the intermediate server; $R_{max}$ is the preset maximum client connection number of the intermediate server;
step A3, inputting the user data of the client into a preset user database for retrieval, confirming whether matched target user data exists, and if yes, continuing to execute step A4; otherwise, sending a prompt of 'unable to connect to the server' to the client;
step A4, sending out double prompts of password authentication and face authentication to the client;
step A5, verifying whether the target password provided by the client is correct, comparing the current face image provided by the client with a preset face image of the client pre-recorded by an intermediate server, and when the current face image is confirmed to be the same as the preset face image and the target password is verified to be passed, confirming that the client identity information is verified to be passed and establishing the communication connection relation between the intermediate server and the client as well as between the intermediate server and a data server;
step A6, after the connection relationship is established, the intermediate server forwards the access request to the data server.
Based on a deep neural network, the invention provides a new data transmission encryption mode for remote access of industrial field data in the industrial internet. The encryption mode is a reversible nonlinear transformation without an explicit expression; compared with the prior art it has the same calculation amount but higher complexity, is more difficult to break, and can well overcome the problems in the prior art.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart of a method for remotely accessing industrial field data in an industrial Internet according to the present invention;
FIG. 2 is a flow chart of a method for encrypting industrial field data requested to be accessed through a first deep neural network according to the present invention;
FIG. 3 is a flowchart of a method for decrypting encrypted industrial field data through a second deep neural network according to the present invention.
Detailed Description
The remote access method for the industrial field data in the industrial internet is used for encrypting and decrypting the industrial field data in the industrial internet through the deep neural network in the remote access process. The preferred embodiments of the present invention will be described in conjunction with the accompanying drawings, and it will be understood that they are described herein for the purpose of illustration and explanation and not limitation.
Fig. 1 is a flowchart of a method for remotely accessing industrial field data in an industrial internet according to the present invention, as shown in fig. 1, the method includes the following steps S1-S5:
S1: The client initiates an access request for accessing the data of the data server to the intermediate server.
In this embodiment, similar to the existing method for remotely accessing a server, a client sends an access request for a data server in an industrial field to an intermediate server, where the access request carries information such as a client identifier, a data server identifier, and a data identifier requested to be accessed. The intermediate server may be a virtual server, or other device terminals that can implement remote transfer.
S2: The intermediate server establishes a communication connection relation with the client and the data server and forwards the access request to the data server.
In an optional embodiment, when receiving the access request sent by the client, the intermediate server verifies the access right of the login user corresponding to the access request, if the access right passes the verification, the intermediate server responds to the access request, establishes communication connection relations with the client and the data server respectively, and finally forwards the access request to the data server.
The access right of the login user includes but is not limited to: compliance of the user account and access rights of the user account to different data. For example, the data server stores data of a plurality of devices, and access rights of different registered users (users with remote access compliance) to the data of different devices may be preset, for example, the user account a may view industrial data of the first device, and the user account B may view industrial data of all devices, which is not described herein again.
S3: In response to the access request, the data server performs a first transformation on the industrial field data requested to be accessed according to the first deep neural network to obtain encrypted industrial field data, and sends the encrypted industrial field data to the intermediate server.
The industrial field data is mainly divided into two parts: one part is operation data, used for recording mouse movement, operation commands and the like; the other part is sensing data, used for representing the working state of the machine, such as observation data of wind speed, pressure, temperature, humidity and the like.
In this embodiment, a first deep neural network is preset, and after receiving a data access request, the data server performs a first transformation on the industrial field data requested to be accessed according to the first deep neural network, where the transformed data is encrypted data used for transmission during remote access in this embodiment.
S4: The intermediate server transmits the encrypted industrial field data back to the client.
S5: the client side carries out second transformation on the encrypted industrial field data according to a second deep neural network to obtain decrypted industrial field data;
wherein the first transformation process and the second transformation process are reciprocal.
In this embodiment, when the client receives the industrial field data encrypted by the first deep neural network, the second deep neural network performs second transformation on the encrypted industrial field data, and the transformation process of the second deep neural network on the data is reciprocal to the transformation process of the first deep neural network on the data, so that after the second transformation, the encrypted industrial field data is decrypted into original data of the data server, and a user can normally view the data by the client.
The remote access method for industrial field data in the industrial internet encrypts and decrypts the data based on a deep neural network. The encryption mode is a reversible nonlinear transformation without an explicit expression; compared with existing encryption technology it has the same calculation amount but higher complexity, is more difficult to break, and can well overcome the problems in the prior art.
In an alternative embodiment, as shown in fig. 2, the method for encrypting the industrial field data requested to be accessed through the first deep neural network includes the following steps S31-S33:
S31: Divide the industrial field data X requested to be accessed into two groups to obtain a first group of industrial field data $X_1$ and a second set of industrial field data $X_2$.
In this embodiment, it is assumed that the industrial field data requested to be accessed is in a matrix form $A \in \mathbb{R}^{m \times n}$, i.e.
Figure BDA0002756718820000081
First, the data in matrix form is flattened into X, and X is taken as the input data of the first deep neural network:
$X = (a_{11}, \dots, a_{1n}, a_{21}, \dots, a_{2n}, \dots, a_{m1}, \dots, a_{mn})^T \in \mathbb{R}^{mn}$
wherein $(a_{i1}, \dots, a_{in})$ is the i-th piece of data in the industrial field data requested to be accessed, $i = 1, \dots, m$; n is the number of parameters in each piece of industrial field data, and m is the total number of data in the industrial field data requested to be accessed; $\mathbb{R}^{mn}$ indicates that the one-dimensional column vector X holds m pieces of industrial field data with n parameters each, namely m × n data in X.
In this embodiment, the first i × n data in X are taken as the first group of industrial field data $X_1$, and the last (m-i) × n data in X are taken as the second group of industrial field data $X_2$. Namely: the 1st to i-th data in the industrial field data requested to be accessed are taken as the first group of industrial field data $X_1$ (corresponding to the 1st to i-th rows in the matrix A), and the (m-i)-th to m-th data in the industrial field data requested to be accessed are taken as the second group of industrial field data $X_2$ (corresponding to the (m-i)-th to m-th rows in the matrix A). The expressions of $X_1$ and $X_2$ are as follows:
$X_1 = (a_{1,1}, \dots, a_{1,n}, \dots, a_{i,1}, \dots, a_{i,n})^T \in \mathbb{R}^{in}$
$X_2 = (a_{i+1,1}, \dots, a_{i+1,n}, \dots, a_{m,1}, \dots, a_{m,n})^T \in \mathbb{R}^{(m-i)n}$
Obviously, $X_1$ is an $(i \times n) \times 1$ matrix and $X_2$ is an $((m-i) \times n) \times 1$ matrix.
Preferably, $i = [m/2]$, where $[m/2]$ represents the largest integer not exceeding m/2. For example, if A is a 5 × 2 matrix, then i is 2, so that $X_1$ is a 4 × 1 matrix and $X_2$ is a 6 × 1 matrix.
S32: Using a first preset formula (1), perform a first transformation on the first group of industrial field data $X_1$ and the second set of industrial field data $X_2$:
Figure BDA0002756718820000091
wherein
Figure BDA0002756718820000092
is an intermediate output of the first deep neural network model; the expression of the function $m^{(1)}()$ is shown in equation (2), and the expression of the function $m^{(2)}()$ is shown in equation (3):
$m^{(1)}(x) = W_2 \cdot \sigma(W_1 x + b_1) + b_2$ (2)
$m^{(2)}(x) = W_4 \cdot \sigma(W_3 x + b_3) + b_4$ (3)
In equations (2) and (3), the expression of the function $\sigma()$ is:
Figure BDA0002756718820000101
In equations (2) and (3), $W_1 \in \mathbb{R}^{in \times in}$, $W_2 \in \mathbb{R}^{(m-i)n \times in}$, $W_3 \in \mathbb{R}^{(m-i)n \times (m-i)n}$, $W_4 \in \mathbb{R}^{(m-i)n \times in}$, $b_1, b_4 \in \mathbb{R}^{in}$, $b_2, b_3 \in \mathbb{R}^{(m-i)n}$. $W_1 \in \mathbb{R}^{in \times in}$ means that $W_1$ is an $in \times in$ real matrix, and $W_2 \in \mathbb{R}^{(m-i)n \times in}$ means that $W_2$ is an $(m-i)n \times in$ real matrix; e.g. if m is 5, n is 2 and i is 2, $W_1$ is a 4 × 4 real matrix and $W_2$ is a 6 × 4 real matrix. $W_3 \in \mathbb{R}^{(m-i)n \times (m-i)n}$ means that $W_3$ is an $(m-i)n \times (m-i)n$ real matrix, and $W_4 \in \mathbb{R}^{(m-i)n \times in}$ means that $W_4$ is an $(m-i)n \times in$ real matrix; $b_1, b_4 \in \mathbb{R}^{in}$ means that $b_1, b_4$ are $in$-dimensional real vectors; $b_2, b_3 \in \mathbb{R}^{(m-i)n}$ means that $b_2, b_3$ are $(m-i)n$-dimensional real vectors.
Optionally, $W_1, W_2, W_3, W_4, b_1, b_2, b_3, b_4$ are preset matrices, used as the encryption and decryption key in the data transmission process provided by the embodiment of the invention; the values of $W_1, W_2, W_3, W_4, b_1, b_2, b_3, b_4$ can be preset empirically. Preferably, $W_1, W_2, W_3, W_4, b_1, b_2, b_3, b_4$ obey a standard Gaussian distribution.
In an optional embodiment, before the method provided by the present invention is executed, a certain amount of industrial field data is collected as sample data in advance, and the first deep neural network is then trained on the sample data to obtain the values of $W_1, W_2, W_3, W_4$ and $b_1, b_2, b_3, b_4$.
S33: The output data obtained after the first transformation of the first group of industrial field data $X_1$ and the second set of industrial field data $X_2$ is sent to the intermediate server as the encrypted industrial field data.
In this embodiment, the data server takes the output data of the first transformation
Figure BDA0002756718820000102
and sends it to the intermediate server as the encrypted industrial field data. At this point, the encryption of the industrial field data requested to be accessed by the first deep neural network represented by equations (1) to (3) is complete.
In an alternative embodiment, as shown in FIG. 3, the method for decrypting, through a second deep neural network, the encrypted industrial field data
Figure BDA0002756718820000103
includes the following steps S51-S52:
S51: Using a second preset formula (5), perform a second transformation on the received encrypted industrial field data
Figure BDA0002756718820000111
and
Figure BDA0002756718820000112
:
Figure BDA0002756718820000113
wherein
Figure BDA0002756718820000114
is an intermediate output of the second deep neural network model. The functions $m^{(1)}()$ and $m^{(2)}()$ are still given by equations (2)-(4) used in the first transformation. It follows from mathematical derivation that the calculated
Figure BDA0002756718820000115
is equal to the following quantity obtained in the calculation using formula (1):
Figure BDA0002756718820000116
The calculated
Figure BDA0002756718820000117
is equal to the following quantity obtained in the calculation using formula (1):
Figure BDA0002756718820000118
The calculated
Figure BDA0002756718820000119
is equal to the following quantity obtained in the calculation using formula (1):
Figure BDA00027567188200001110
The calculated
Figure BDA00027567188200001111
is equal to the following quantity obtained in the calculation using formula (1):
Figure BDA00027567188200001112
The calculated
Figure BDA00027567188200001113
is equal to the following quantity obtained in the calculation using formula (1):
Figure BDA00027567188200001114
The calculated
Figure BDA00027567188200001115
is equal to the following quantity obtained in the calculation using formula (1):
Figure BDA00027567188200001116
In the calculation using formula (1),
Figure BDA00027567188200001117
and thus the calculated
Figure BDA00027567188200001118
Figure BDA00027567188200001119
According to formula (1),
Figure BDA00027567188200001120
from which it follows that
Figure BDA00027567188200001121
while
Figure BDA00027567188200001122
Thus $Y_2 = X_2$. As can be seen, the outputs $Y_1$ and $Y_2$ of the second deep neural network are equal to the first group of industrial field data $X_1$ and the second set of industrial field data $X_2$ initially input to the first deep neural network, so the output data of the first deep neural network can be decrypted through this process.
S52: The results $Y_1$ and $Y_2$ output after the second transformation are merged to obtain the decrypted industrial field data.
In this embodiment, following the way the industrial field data X requested to be accessed was divided into $X_1$ and $X_2$ in step S31, the results $Y_1$ and $Y_2$ output after the second transformation are recombined into X, giving the original data of the industrial field data requested to be accessed this time.
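The split, first transformation and reciprocal second transformation of steps S31-S33 and S51-S52, as an added example that is not the patent's own code. It assumes an additive-coupling form for formulas (1) and (5), tanh for σ, and a $W_4$ of shape $in \times (m-i)n$ so that $m^{(2)}$ maps the dimension of $X_2$ to that of $X_1$; the function names, seeds and sample readings are constructed.

```python
import math
import random


def matvec(W, x):
    """Multiply matrix W (list of rows) by vector x."""
    return [sum(w * v for w, v in zip(row, x)) for row in W]


def mlp(W_in, b_in, W_out, b_out, x):
    """W_out . sigma(W_in x + b_in) + b_out, the shape of equations (2) and (3).

    ASSUMPTION: sigma is tanh; the page's own definition of sigma is not reproduced.
    """
    hidden = [math.tanh(z + b) for z, b in zip(matvec(W_in, x), b_in)]
    return [z + b for z, b in zip(matvec(W_out, hidden), b_out)]


def make_key(m, n, seed):
    """Preset W1..W4, b1..b4 drawn from a standard Gaussian, with i = [m/2].

    Constructed sample key: random.Random gives repeatability only, it is not a CSPRNG.
    """
    i = m // 2
    d1, d2 = i * n, (m - i) * n
    rng = random.Random(seed)

    def mat(rows, cols):
        return [[rng.gauss(0.0, 1.0) for _ in range(cols)] for _ in range(rows)]

    def vec(size):
        return [rng.gauss(0.0, 1.0) for _ in range(size)]

    return {
        "m": m, "n": n, "d1": d1,
        "W1": mat(d1, d1), "b1": vec(d1),
        "W2": mat(d2, d1), "b2": vec(d2),
        "W3": mat(d2, d2), "b3": vec(d2),
        # ASSUMPTION: W4 is (i*n) x ((m-i)*n) so that W4 . sigma(...) + b4 is defined.
        "W4": mat(d1, d2), "b4": vec(d1),
    }


def m1(key, x):
    return mlp(key["W1"], key["b1"], key["W2"], key["b2"], x)


def m2(key, x):
    return mlp(key["W3"], key["b3"], key["W4"], key["b4"], x)


def first_transform(A, key):
    """Data-server side: flatten A row by row, split into X1/X2, transform."""
    if len(A) != key["m"] or any(len(row) != key["n"] for row in A):
        raise ValueError("matrix shape does not match the preset key")
    X = [v for row in A for v in row]
    X1, X2 = X[:key["d1"]], X[key["d1"]:]
    # ASSUMED additive coupling: each half is masked by a function of the other.
    H2 = [x + t for x, t in zip(X2, m1(key, X1))]
    C1 = [x + t for x, t in zip(X1, m2(key, H2))]
    return C1, H2


def second_transform(C1, C2, key):
    """Client side: undo the coupling in reverse order, then merge Y1 and Y2."""
    Y1 = [c - t for c, t in zip(C1, m2(key, C2))]
    Y2 = [c - t for c, t in zip(C2, m1(key, Y1))]
    Y = Y1 + Y2
    n = key["n"]
    return [Y[r * n:(r + 1) * n] for r in range(key["m"])]


def max_abs_error(A, B):
    """Largest element-wise difference between two matrices of equal shape."""
    return max(abs(a - b) for ra, rb in zip(A, B) for a, b in zip(ra, rb))


# Constructed sample: m = 5 records of n = 2 sensor parameters (temperature, pressure).
SAMPLE_A = [[21.7, 101.3], [21.9, 101.2], [22.4, 100.9], [23.0, 100.8], [22.1, 101.0]]

if __name__ == "__main__":
    key = make_key(5, 2, seed=7)
    c1, c2 = first_transform(SAMPLE_A, key)
    recovered = second_transform(c1, c2, key)
    print("transmitted:", [round(v, 3) for v in c1 + c2])
    print("round-trip max error:", max_abs_error(SAMPLE_A, recovered))
```

The recovered matrix matches the input only up to floating-point rounding, because (x + t) - t is not exact in binary arithmetic, so a receiver should compare or store values with a tolerance rather than expect bit-identical data.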
In an optional embodiment, the establishing, by the intermediate server, a communication connection relationship with the client and the data server, and forwarding the access request to the data server includes:
step A1, the intermediate server calculates the signal-to-interference-plus-noise ratio (SINR) value of the client according to its own transmitting frequency; the SINR value is the ratio of signal to interference signal plus noise:
Figure BDA0002756718820000121
wherein $\sigma_{i1}$ is the SINR value of the i1-th client; $P_{m1}$ is the transmitting frequency of the intermediate server; $g_{i1}$ is the path gain when the intermediate server transmits a signal to the i1-th client; $\omega_{i1}$ is the path gain coefficient corresponding to the signal transmitted by the intermediate server to the i1-th client, with a value in [0.5, 0.8]; N is the total number of clients sending access requests to the intermediate server; $g_{j1}$ is the path gain when the intermediate server transmits a signal to the j1-th client; $\omega$ is an error factor in the calculation process, with a value in [0.05, 0.1%]; $p_m$ is the average transmit frequency of the intermediate server;
step A2, obtaining the user data of the client according to the SINR value of the client:
Figure BDA0002756718820000122
wherein $L_{i1}$ is the user data of the i1-th client; log is the logarithm; det is a preset parameter with a value range of [2,10]; $Q_S$ is the current bandwidth of the intermediate server; $R_{max}$ is the preset maximum client connection number of the intermediate server;
step A3, inputting the user data of the client into a preset user database for retrieval, confirming whether matched target user data exists, and if yes, continuing to execute step A4; otherwise, sending a prompt of 'unable to connect to the server' to the client;
step A4, sending out double prompts of password authentication and face authentication to the client;
step A5, verifying whether the target password provided by the client is correct, comparing the current face image provided by the client with a preset face image of the client pre-recorded by an intermediate server, and when the current face image is confirmed to be the same as the preset face image and the target password is verified to be passed, confirming that the client identity information is verified to be passed and establishing the communication connection relation between the intermediate server and the client as well as between the intermediate server and a data server;
step A6, after the connection relationship is established, the intermediate server forwards the access request to the data server.
The beneficial effects of the above technical scheme are as follows. The SINR value of the current client i1 is calculated from the transmitting frequency of the intermediate server, so that interference signals and noise in the transmission process are accurately determined. The user data of the current client i1 is then calculated from this SINR value, which avoids disturbance by the interference signals and makes the obtained user data more accurate and real. Searching a preset user database for target user data matching the user data of the current client i1 gives an accurate preliminary confirmation of whether the current client i1 has the authority to connect to the intermediate server. After this authority is confirmed, the identity is double-verified using the current face image and the target password provided by the current client i1, and the connection between the intermediate server and the data server can be established once verification passes. This guarantees the safety and reliability of the connection and further ensures the security of the data in the data server.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A remote access method for industrial field data in industrial Internet is characterized by comprising the following steps:
the client initiates an access request for accessing the data of the data server to the intermediate server;
the intermediate server establishes a communication connection relation with the client and the data server and forwards the access request to the data server;
responding to the access request, the data server performs first transformation on the industrial field data requested to be accessed according to a first deep neural network to obtain encrypted industrial field data, and the encrypted industrial field data is sent to the intermediate server;
the intermediate server transmits the encrypted industrial field data back to the client;
the client side carries out second transformation on the encrypted industrial field data according to a second deep neural network to obtain decrypted industrial field data; wherein the first transformation process and the second transformation process are reciprocal.
2. The method for remotely accessing industrial field data in the industrial internet as claimed in claim 1, wherein the data server performs a first transformation on the industrial field data requested to be accessed according to a first deep neural network to obtain encrypted industrial field data, and sends the encrypted industrial field data to the intermediate server, comprising:
dividing the industrial field data X requested to be accessed into two groups to obtain a first group of industrial field data $X_1$ and a second group of industrial field data $X_2$;
performing a first transformation on the first group of industrial field data $X_1$ and the second group of industrial field data $X_2$ using the following formula:
Figure FDA0002756718810000011
sending the output data
Figure FDA0002756718810000012
and
Figure FDA0002756718810000013
obtained by the first transformation of the first group of industrial field data $X_1$ and the second group of industrial field data $X_2$ to the intermediate server as the encrypted industrial field data;
wherein
Figure FDA0002756718810000014
is an intermediate output of the first deep neural network model;
$X = (a_{1,1}, \dots, a_{1,n}, a_{2,1}, \dots, a_{2,n}, \dots, a_{m,1}, \dots, a_{m,n})^T \in \mathbb{R}^{mn}$, where $(a_{j,1}, \dots, a_{j,n})$ is the j-th piece of data in the industrial field data requested to be accessed, $j = 1, \dots, m$; n is the number of parameters in each piece of industrial field data, and m is the total number of data in the industrial field data requested to be accessed;
$X_1 = (a_{1,1}, \dots, a_{1,n}, \dots, a_{i,1}, \dots, a_{i,n})^T \in \mathbb{R}^{in}$;
$X_2 = (a_{i+1,1}, \dots, a_{i+1,n}, \dots, a_{m,1}, \dots, a_{m,n})^T \in \mathbb{R}^{(m-i)n}$;
wherein the function $m^{(1)}(\cdot)$ is given by $m^{(1)}(x) = W_2 \cdot \sigma(W_1 x + b_1) + b_2$, and the function $m^{(2)}(\cdot)$ is given by $m^{(2)}(x) = W_4 \cdot \sigma(W_3 x + b_3) + b_4$;
The expression of the function σ () is:
Figure FDA0002756718810000021
$W_1, W_2, W_3, W_4, b_1, b_2, b_3, b_4$ are preset matrices and are intermediate parameters of the model;
wherein $W_1 \in \mathbb{R}^{in \times in}$ means that $W_1$ is an $in \times in$ real matrix, $W_2 \in \mathbb{R}^{(m-i)n \times in}$ means that $W_2$ is an $(m-i)n \times in$ real matrix, $W_3 \in \mathbb{R}^{(m-i)n \times (m-i)n}$ means that $W_3$ is an $(m-i)n \times (m-i)n$ real matrix, and $W_4 \in \mathbb{R}^{(m-i)n \times in}$ means that $W_4$ is an $(m-i)n \times in$ real matrix;
$b_1, b_4 \in \mathbb{R}^{in}$ means that $b_1, b_4$ are $in$-dimensional real vectors; $b_2, b_3 \in \mathbb{R}^{(m-i)n}$ means that $b_2, b_3$ are $(m-i)n$-dimensional real vectors.
3. The method as claimed in claim 2, wherein the step of the client performing a second transformation on the encrypted industrial field data according to a second deep neural network to obtain the decrypted industrial field data comprises:
the client performs a second transformation on the received encrypted industrial field data
Figure FDA0002756718810000022
and
Figure FDA0002756718810000023
using the following formula:
Figure FDA0002756718810000024
wherein
Figure FDA0002756718810000025
is an intermediate output of the second deep neural network model;
merging the results $Y_1$ and $Y_2$ output after the second transformation to obtain the decrypted industrial field data.
4. The remote access method for industrial field data in industrial internet according to claim 2 or 3, wherein $i = [m/2]$, where $[m/2]$ represents the maximum integer not exceeding m/2.
5. The remote access method for industrial field data in industrial internet according to claim 2 or 3, further comprising:
acquiring a certain amount of industrial field data as sample data in advance;
training the sample data by adopting the first deep neural network to obtain the values of $W_1, W_2, W_3, W_4$ and $b_1, b_2, b_3, b_4$.
6. The method for remote access to industrial field data in industrial internet as claimed in claim 2 or 3, wherein said $W_1, W_2, W_3, W_4, b_1, b_2, b_3, b_4$ obey a standard Gaussian distribution.
7. The method for remote access to industrial field data in an industrial internet as claimed in claim 1, wherein the industrial field data includes at least sensing data and operating data.
8. The method for remotely accessing industrial field data in the industrial internet as claimed in claim 1, wherein the intermediate server establishes a communication connection relationship with the client and the data server and forwards the access request to the data server, comprising:
when the intermediate server receives an access request sent by the client, verifying the access authority of a login user corresponding to the access request;
if the access authority of the login user corresponding to the access request passes the verification, the intermediate server responds to the access request and respectively establishes communication connection relations with the client and the data server;
the intermediate server forwards the access request to the data server.
9. The method for remotely accessing industrial field data in industrial internet as claimed in claim 8, wherein the access right of the login user includes but is not limited to: compliance of the user account and access rights of the user account to different data.
10. The method for remotely accessing industrial field data in the industrial internet as claimed in claim 1, wherein the intermediate server establishes a communication connection relationship with the client and the data server and forwards the access request to the data server, comprising:
step A1, the intermediate server calculates the signal-to-interference-plus-noise ratio (SINR) value of the client according to its own transmitting frequency; the SINR value is expressed as a ratio of signal to interference signal plus noise:
Figure FDA0002756718810000041
where $\sigma_{i1}$ denotes the SINR value of the i1-th client; $P_{m1}$ denotes the transmission frequency of the intermediate server; $g_{i1}$ denotes the path gain when the intermediate server transmits a signal to the i1-th client; $\omega_{i1}$ denotes the path gain coefficient corresponding to the signal transmitted by the intermediate server to the i1-th client, with a value in [0.5, 0.8]; N denotes the total number of clients sending access requests to the intermediate server; $g_{j1}$ denotes the path gain when the intermediate server transmits a signal to the j1-th client; $\omega$ denotes an error factor in the calculation process, with a value in [0.05, 0.1%]; and $p_m$ is the average transmit frequency of the intermediate server;
step A2, obtaining the user data of the client according to the SINR value of the client:
Figure FDA0002756718810000042
where $L_{i1}$ denotes the user data of the i1-th client; log is the logarithm; det is a preset calculation parameter with a value range of [2, 10]; $Q_S$ denotes the current bandwidth of the intermediate server; and $R_{max}$ denotes the preset maximum number of client connections of the intermediate server;
step A3, inputting the user data of the client into a preset user database for retrieval, confirming whether matched target user data exists, and if yes, continuing to execute step A4; otherwise, sending a prompt of 'unable to connect to the server' to the client;
step A4, sending out double prompts of password authentication and face authentication to the client;
step A5, verifying whether the target password provided by the client is correct, comparing the current face image provided by the client with a preset face image of the client pre-recorded by an intermediate server, and when the current face image is confirmed to be the same as the preset face image and the target password is verified to be passed, confirming that the client identity information is verified to be passed and establishing the communication connection relation between the intermediate server and the client as well as between the intermediate server and a data server;
step A6, after the connection relationship is established, the intermediate server forwards the access request to the data server.
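The reciprocal first and second transformations of claims 2 to 6, as an added example that is not part of the patent text. The formula figures are not reproduced on this page, so the additive coupling form, the tanh activation, the seed-based parameter generation and all function names below are assumptions; m is taken even so that in = (m-i)n and every matrix shape stated in claim 2 coincides.

```python
import math
import random

def affine(W, x, b):
    """Return W.x + b for a list-of-rows matrix W."""
    return [sum(w * v for w, v in zip(row, x)) + bi for row, bi in zip(W, b)]

def subnet(Wa, ba, Wb, bb, x):
    """m(x) = Wb . sigma(Wa.x + ba) + bb; sigma = tanh is an assumption."""
    return affine(Wb, [math.tanh(h) for h in affine(Wa, x, ba)], bb)

def make_params(m, n, seed):
    """Draw W1..W4, b1..b4 from a standard Gaussian (claim 6), with i = [m/2] (claim 4)."""
    if m % 2:
        raise ValueError("this sketch assumes even m so that i*n == (m-i)*n")
    d = (m // 2) * n
    rng = random.Random(seed)  # hypothetical: the seed stands in for the shared parameters
    p = {"d": d}
    for k in range(1, 5):
        p[f"W{k}"] = [[rng.gauss(0, 1) for _ in range(d)] for _ in range(d)]
        p[f"b{k}"] = [rng.gauss(0, 1) for _ in range(d)]
    return p

def m1(p, x):
    return subnet(p["W1"], p["b1"], p["W2"], p["b2"], x)

def m2(p, x):
    return subnet(p["W3"], p["b3"], p["W4"], p["b4"], x)

def first_transform(p, X):
    """Data-server side. Assumed additive coupling, not the patent's own formula."""
    X1, X2 = X[:p["d"]], X[p["d"]:]
    Y2 = [a + b for a, b in zip(X2, m1(p, X1))]
    Y1 = [a + b for a, b in zip(X1, m2(p, Y2))]
    return Y1 + Y2

def second_transform(p, Y):
    """Client side: undo the two coupling steps in reverse order."""
    Y1, Y2 = Y[:p["d"]], Y[p["d"]:]
    X1 = [a - b for a, b in zip(Y1, m2(p, Y2))]
    X2 = [a - b for a, b in zip(Y2, m1(p, X1))]
    return X1 + X2

def max_abs_diff(u, v):
    return max(abs(a - b) for a, b in zip(u, v))

# Constructed sample: m = 4 records of n = 3 pre-scaled readings each.
RECORDS = [[0.715, 1.02, 0.148], [0.719, 1.01, 0.152],
           [0.724, 1.03, 0.149], [0.728, 1.02, 0.151]]
X = [v for rec in RECORDS for v in rec]

if __name__ == "__main__":
    params = make_params(m=4, n=3, seed=2020)
    Y = first_transform(params, X)
    print("round-trip error:", max_abs_diff(second_transform(params, Y), X))
    other = make_params(m=4, n=3, seed=2021)
    print("error with other parameters:", max_abs_diff(second_transform(other, Y), X))
```

In this sketch the round trip is exact only to floating-point precision, and the W and b values are the only thing separating the encrypted data from the original, so they have to be provisioned and protected like a key.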
CN202011205017.2A 2020-11-02 2020-11-02 Remote access method for industrial field data in industrial internet Active CN112507373B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011205017.2A CN112507373B (en) 2020-11-02 2020-11-02 Remote access method for industrial field data in industrial internet

Publications (2)

Publication Number Publication Date
CN112507373A true CN112507373A (en) 2021-03-16
CN112507373B CN112507373B (en) 2021-07-20

Family

ID=74954968

Country Status (1)

Country Link
CN (1) CN112507373B (en)


Publication Publication Date Title
US8572712B2 (en) Device independent authentication system and method
US8474025B2 (en) Methods and apparatus for credential validation
DE60312911T2 (en) Mobile authentication system with reduced authentication delay
CN101764819B (en) For detecting the method and system of man-in-the-browser attacks
CN107645486B (en) login authentication method and device
Wang et al. A system framework of security management in enterprise systems
US20180033089A1 (en) Method and system for identifying and addressing potential account takeover activity in a financial system
CN103795690B (en) A kind of method, proxy server and the system of cloud access control
US20090254968A1 (en) Method, system, and computer program product for virtual world access control management
AU2017410919A1 (en) Managing verification repositories to facilitate real-time servicing of verification queries
WO2016040744A1 (en) Systems and methods for online third-party authentication of credentials
WO2020173228A1 (en) Joint training method and apparatus for machine learning model, device, and storage medium
CN1567294A (en) User certification method
CN111049806B (en) Joint authority control method and device, electronic equipment and storage medium
CN108259183A (en) A kind of concern method, apparatus, electronic equipment and medium
KR20090095940A (en) System and Method for Non-faced Financial Transaction by Using Verification of Transaction Step and Program Recording Medium
CN112507373B (en) Remote access method for industrial field data in industrial internet
US20230306103A1 (en) Pre-registration of authentication devices
CN104657491A (en) Method for transmitting data to client
Lakshmi et al. Emerging Technologies and Security in Cloud Computing
CN111539020B (en) Material purchase management system and method
CN113449167A (en) Data acquisition abnormity detection method and device, electronic equipment and readable storage medium
CN104394170B (en) Secured account application method, safety device, server and system
CN115664685B (en) Method and device for controlling on-chain data access based on attribute encryption
CN116506493A (en) Digital service handling method and handling system based on blockchain technology

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PP01 Preservation of patent right

Effective date of registration: 20211124

Granted publication date: 20210720
